KubeArmor Demo
In this post, we walk through a detailed KubeArmor demo, showcasing how this powerful runtime security enforcement system enhances Kubernetes environments. If you’re looking to understand how to secure workloads dynamically using Linux security modules and Kubernetes-native policies, this demonstration offers a hands-on overview.
Containerization has made it easier than ever to build and deploy application environments quickly, and as a result 45.6% of enterprises now run Kubernetes in production. That makes knowing how to secure it essential.
What is KubeArmor?
KubeArmor is a runtime security enforcement system built specifically for Kubernetes. It leverages Linux Security Modules (LSMs), such as AppArmor or SELinux, to enforce security policies directly at the kernel level. KubeArmor allows users to define granular access controls for containers running in a Kubernetes cluster, helping secure sensitive data and reduce attack surfaces.
This KubeArmor working demo shows how we can apply security policies to monitor and restrict container behavior in real time.
KubeArmor Demo Overview
Before diving into specific use cases, here is how the demo screen is laid out:
- Top Right: KubeArmor runtime logs.
- Bottom Left: Logs generated by KubeArmor for auditing.
- Middle Right Terminal: Used for enforcing policies.
- Bottom Right Terminal: Used to trigger policy violations.
Use Case 1: Monitor MySQL Database Access
In our first scenario, we have a microservice setup containing WordPress and MySQL containers. Within the MySQL container, we want to audit access to a specific database directory.
A policy (referred to as mysql policy 1) is created to monitor all file operations in that directory. Once applied, KubeArmor immediately enforces it. As WordPress initializes and creates its database, we see logs showing file access by the MySQL daemon. When we interact with the container directly, KubeArmor continues to track and report different process sources accessing the database directory.
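The following is an added example of what an audit policy like "mysql policy 1" can look like as a KubeArmorPolicy resource; it is not the policy file from the demo. The policy name, the namespace, the pod label and the data directory are assumptions, so adjust them to match your deployment.

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: mysql-policy-1-audit-db-dir   # assumed name; the demo calls it "mysql policy 1"
  namespace: wordpress-mysql          # assumed namespace of the WordPress/MySQL pods
spec:
  severity: 5
  message: "file access inside the MySQL data directory"
  selector:
    matchLabels:
      app: mysql                      # assumed pod label on the MySQL deployment
  file:
    matchDirectories:
    - dir: /var/lib/mysql/            # assumed data directory; directory entries end with a slash
      recursive: true                 # include subdirectories (each database has its own)
  # Audit records every matching access without denying it, which is what
  # the first use case needs: visibility into who touches the database files.
  action: Audit
```

After `kubectl apply -f` on this file, each access shows up as an audit event with the source process (for example the MySQL daemon during WordPress initialisation, or a shell you open with `kubectl exec`), which can be followed with `karmor logs`.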
Use Case 2: Restrict Access to WordPress Configuration
Next, we focus on a sensitive file: wp-config.php, which contains the WordPress database ID and password. We want only the Apache process to access this file.
Two policies (mysql policy 2) are applied:
- Allow the Apache process to read wp-config.php.
- Block all other processes from accessing the file.
Before the policies are enforced, we can read the file without restriction. After enforcement, unauthorized access attempts result in “Permission Denied” messages, and audit logs confirm blocked access. Importantly, WordPress continues to function normally because the permitted Apache process retains access.
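As an added illustration (not the demo's own policy files), here is one way to express the two rules of "mysql policy 2" as a pair of KubeArmorPolicy documents. The namespace, the pod label, the path of wp-config.php and the Apache binary path are assumptions; the file lives at /var/www/html/wp-config.php and Apache is /usr/sbin/apache2 in the official WordPress image, but check your own image before applying. How an Allow rule with fromSource interacts with a Block rule on the same path is enforcer-specific, so verify the result with a test read from a non-Apache process, as the demo does.

```yaml
# Rule 1: the Apache binary is allowed to read wp-config.php
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: mysql-policy-2-allow-apache-wpconfig   # assumed name
  namespace: wordpress-mysql                    # assumed namespace
spec:
  severity: 10
  selector:
    matchLabels:
      app: wordpress                            # assumed pod label on the WordPress deployment
  file:
    matchPaths:
    - path: /var/www/html/wp-config.php         # assumed location of the config file
      readOnly: true                            # Apache only needs to read it
      fromSource:
      - path: /usr/sbin/apache2                 # assumed Apache binary path
  action: Allow
---
# Rule 2: every other process in the pod is denied access to the same file
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: mysql-policy-2-block-others-wpconfig    # assumed name
  namespace: wordpress-mysql
spec:
  severity: 10
  message: "non-Apache process touched wp-config.php"
  selector:
    matchLabels:
      app: wordpress
  file:
    matchPaths:
    - path: /var/www/html/wp-config.php
  action: Block
```

The expected outcome matches the demo: `cat wp-config.php` from a `kubectl exec` shell returns "Permission denied" and produces a Block event in the logs, while the site keeps serving pages because Apache is the permitted source.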
Use Case 3: Block Kubernetes Credential Access
Most containers don’t need access to Kubernetes API credentials, but these are often mounted by default. In this use case, we block access to service account tokens.
Initially, the token can be found and used to make API requests to the Kubernetes API server. After applying mysql policy 3, any attempt to read the token or make requests results in a “Permission Denied” error, effectively cutting off unauthorized access to Kubernetes resources.
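An added example of a policy in the spirit of "mysql policy 3" (not the file used in the demo): block every process in the pod from reading the mounted service account directory. The namespace and label are assumptions. Kubernetes mounts the token under /var/run/secrets/kubernetes.io/serviceaccount; in most images /var/run is a symlink to /run, so the policy names the resolved path, which is an assumption you should confirm for your image.

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: mysql-policy-3-block-sa-token   # assumed name
  namespace: wordpress-mysql            # assumed namespace
spec:
  severity: 7
  message: "access to the service account token was blocked"
  selector:
    matchLabels:
      app: wordpress                    # assumed pod label; apply to every workload that never calls the API
  file:
    matchDirectories:
    - dir: /run/secrets/kubernetes.io/serviceaccount/   # resolved mount path (assumed; /var/run -> /run)
      recursive: true                   # covers token, ca.crt and namespace
  action: Block
```

Once applied, both `cat /var/run/secrets/kubernetes.io/serviceaccount/token` and a `curl` against the API server that tries to read the token fail with "Permission denied". For pods that truly never need the API, this runtime block is a good complement to setting `automountServiceAccountToken: false` in the pod spec so the token is never mounted in the first place.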
Use Case 4: Disable Unused Binaries
To reduce the attack surface, it’s best to block executables not used by the application. In this case, we block package management tools like apt and apt-get.
Before applying mysql policy 4, these commands run normally. After the policy is enforced, attempts to run them fail with an error, confirming that KubeArmor has successfully restricted their execution.
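An added example (not the demo's policy file) of a process-level policy like "mysql policy 4": a Block rule on the package manager binaries so they cannot be executed inside the container. The namespace, label and binary paths are assumptions; /usr/bin/apt and /usr/bin/apt-get are the locations in Debian-based images, which the WordPress and MySQL images are.

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: mysql-policy-4-block-pkg-managers   # assumed name
  namespace: wordpress-mysql                # assumed namespace
spec:
  severity: 5
  message: "package manager execution blocked"
  selector:
    matchLabels:
      app: wordpress                        # assumed pod label
  # The process section restricts execution rather than file access:
  # the binaries stay on disk but exec() of them is denied.
  process:
    matchPaths:
    - path: /usr/bin/apt                    # assumed Debian path
    - path: /usr/bin/apt-get                # assumed Debian path
  action: Block
```

With the policy in place, `apt-get update` from an exec shell fails with "Permission denied" and emits a Block event, while the web server itself is unaffected because it never executes these tools. The same pattern extends to any binary the workload does not need, such as shells or network utilities, each added as another entry under `matchPaths`.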
Conclusion
This KubeArmor working demo effectively demonstrates how KubeArmor provides deep, runtime-level protection for Kubernetes workloads. By combining audit capabilities with enforcement based on process and file access, KubeArmor helps secure containers without altering the application itself.
Whether you’re protecting secrets, monitoring file usage, or minimizing potential vulnerabilities, KubeArmor offers a practical and powerful way to apply zero-trust principles in Kubernetes environments.
If you’re looking to harden your Kubernetes clusters, try replicating this KubeArmor working demo to see the benefits firsthand.
Now you can protect your workloads in minutes using AccuKnox, which secures your Kubernetes and other cloud workloads using kernel-native primitives such as AppArmor, SELinux, and eBPF.
Let us know if you are seeking additional guidance in planning your cloud security program.